From b370ce043e2a578b78ca2aa7cc28f11aadf8d0cc Mon Sep 17 00:00:00 2001 From: Andrew Rynhard Date: Thu, 30 Aug 2018 07:45:15 -0700 Subject: [PATCH] refactor(initramfs): rename rotd to trustd (#148) --- src/image/.conform.yaml | 2 +- src/initramfs/.conform.yaml | 50 +++++++----- src/initramfs/cmd/init/main.go | 4 +- src/initramfs/cmd/init/pkg/service/kubeadm.go | 10 +-- src/initramfs/cmd/init/pkg/service/proxyd.go | 16 ++-- src/initramfs/cmd/init/pkg/service/rotd.go | 20 ++--- src/initramfs/cmd/osd/main.go | 8 +- src/initramfs/cmd/osd/pkg/gen/gen.go | 8 +- src/initramfs/cmd/{rotd => trustd}/main.go | 6 +- .../cmd/{rotd => trustd}/pkg/reg/reg.go | 10 +-- .../cmd/{rotd => trustd}/proto/api.pb.go | 76 +++++++++---------- .../cmd/{rotd => trustd}/proto/api.proto | 4 +- src/initramfs/pkg/userdata/userdata.go | 6 +- 13 files changed, 114 insertions(+), 106 deletions(-) rename src/initramfs/cmd/{rotd => trustd}/main.go (90%) rename src/initramfs/cmd/{rotd => trustd}/pkg/reg/reg.go (90%) rename src/initramfs/cmd/{rotd => trustd}/proto/api.pb.go (80%) rename src/initramfs/cmd/{rotd => trustd}/proto/api.proto (92%) diff --git a/src/image/.conform.yaml b/src/image/.conform.yaml index 66b933434..028d2bfca 100644 --- a/src/image/.conform.yaml +++ b/src/image/.conform.yaml @@ -65,6 +65,6 @@ tasks: COPY --from=dianemo/kernel:{{ .Docker.Image.Tag }} /tmp/lib/modules /generated/rootfs/lib/modules COPY --from=dianemo/initramfs:{{ .Docker.Image.Tag }} /tmp/osd /generated/rootfs/bin/osd COPY --from=dianemo/initramfs:{{ .Docker.Image.Tag }} /tmp/proxyd /generated/rootfs/bin/proxyd - COPY --from=dianemo/initramfs:{{ .Docker.Image.Tag }} /tmp/rotd /generated/rootfs/bin/rotd + COPY --from=dianemo/initramfs:{{ .Docker.Image.Tag }} /tmp/trustd /generated/rootfs/bin/trustd COPY --from=dianemo/initramfs:{{ .Docker.Image.Tag }} /tmp/init /generated/rootfs/bin/init RUN {{if .Git.IsClean}}XZ_OPT=-9e{{else}}XZ_OPT=-0{{end}} tar -cvpJf /generated/rootfs.tar.xz -C /generated/rootfs . 
diff --git a/src/initramfs/.conform.yaml b/src/initramfs/.conform.yaml index 3429192de..65edf5033 100644 --- a/src/initramfs/.conform.yaml +++ b/src/initramfs/.conform.yaml @@ -15,20 +15,20 @@ stages: destination: ../../build/osctl-darwin-amd64 tasks: - src - - osd - - proxyd - - rotd - - osctl - init - - test - initramfs + - trustd + - proxyd + - osd + - osctl + - test - image generate: artifacts: - source: /src/github.com/autonomy/dianemo/src/initramfs/cmd/osd/proto destination: ./cmd/osd - - source: /src/github.com/autonomy/dianemo/src/initramfs/cmd/rotd/proto - destination: ./cmd/rotd + - source: /src/github.com/autonomy/dianemo/src/initramfs/cmd/trustd/proto + destination: ./cmd/trustd tasks: - proto tasks: @@ -36,13 +36,13 @@ tasks: template: | FROM scratch WORKDIR /tmp - COPY --from=src /osctl-linux-amd64 osctl-linux-amd64 - COPY --from=src /osctl-darwin-amd64 osctl-darwin-amd64 - COPY --from=src /osd osd - COPY --from=src /proxyd proxyd - COPY --from=src /rotd rotd COPY --from=src /initramfs/init init COPY --from=src /initramfs/initramfs.xz initramfs.xz + COPY --from=src /trustd trustd + COPY --from=src /proxyd proxyd + COPY --from=src /osd osd + COPY --from=src /osctl-linux-amd64 osctl-linux-amd64 + COPY --from=src /osctl-darwin-amd64 osctl-darwin-amd64 CMD false init: template: | 
@@ -107,27 +107,22 @@ tasks: WORKDIR /src/github.com/autonomy/dianemo/src/initramfs/cmd/osd COPY ./cmd/osd/proto ./proto RUN protoc -I/usr/local/include -I./proto --go_out=plugins=grpc:proto proto/api.proto - WORKDIR /src/github.com/autonomy/dianemo/src/initramfs/cmd/rotd - COPY ./cmd/rotd/proto ./proto + WORKDIR /src/github.com/autonomy/dianemo/src/initramfs/cmd/trustd + COPY ./cmd/trustd/proto ./proto RUN protoc -I/usr/local/include -I./proto --go_out=plugins=grpc:proto proto/api.proto proxyd: template: | WORKDIR /src/github.com/autonomy/dianemo/src/initramfs/cmd/{{ .Docker.CurrentStage }} {{ if and .Git.IsClean .Git.IsTag }} RUN GOOS=linux GOARCH=amd64 CGO_ENABLED=0 go build -a \ - -ldflags "-s -w -X {{ index .Variables "versionPath" }}.Name=ProxyD -X {{ index .Variables "versionPath" }}.Tag={{ .Git.Tag }} -X {{ index .Variables "versionPath" }}.SHA={{ .Git.SHA }} -X \"{{ index .Variables "versionPath" }}.Built={{ .Built }}\"" \ + -ldflags "-s -w -X {{ index .Variables "versionPath" }}.Name=Proxyd -X {{ index .Variables "versionPath" }}.Tag={{ .Git.Tag }} -X {{ index .Variables "versionPath" }}.SHA={{ .Git.SHA }} -X \"{{ index .Variables "versionPath" }}.Built={{ .Built }}\"" \ -o /{{ .Docker.CurrentStage }} {{ else }} RUN GOOS=linux GOARCH=amd64 CGO_ENABLED=0 go build -a \ - -ldflags "-s -w -X {{ index .Variables "versionPath" }}.Name=ProxyD -X {{ index .Variables "versionPath" }}.Tag=none -X {{ index .Variables "versionPath" }}.SHA={{ .Git.SHA }}" \ + -ldflags "-s -w -X {{ index .Variables "versionPath" }}.Name=Proxyd -X {{ index .Variables "versionPath" }}.Tag=none -X {{ index .Variables "versionPath" }}.SHA={{ .Git.SHA }}" \ -o /{{ .Docker.CurrentStage }} {{ end }} RUN chmod +x /{{ .Docker.CurrentStage }} - rotd: - template: | - WORKDIR /src/github.com/autonomy/dianemo/src/initramfs/cmd/{{ .Docker.CurrentStage }} - RUN CGO_ENABLED=0 go build -a -ldflags "-s -w" -o /{{ .Docker.CurrentStage }} - RUN chmod +x /{{ .Docker.CurrentStage }} src: template: | FROM 
dianemo/tools:{{ .Docker.Image.Tag }} AS {{ .Docker.CurrentStage }} @@ -147,3 +142,16 @@ tasks: RUN chmod +x ./hack/test.sh RUN ./hack/test.sh --lint ./hack/golangci-lint.yaml RUN ./hack/test.sh --unit + trustd: + template: | + WORKDIR /src/github.com/autonomy/dianemo/src/initramfs/cmd/{{ .Docker.CurrentStage }} + {{ if and .Git.IsClean .Git.IsTag }} + RUN GOOS=linux GOARCH=amd64 CGO_ENABLED=0 go build -a \ + -ldflags "-s -w -X {{ index .Variables "versionPath" }}.Name=Trustd -X {{ index .Variables "versionPath" }}.Tag={{ .Git.Tag }} -X {{ index .Variables "versionPath" }}.SHA={{ .Git.SHA }} -X \"{{ index .Variables "versionPath" }}.Built={{ .Built }}\"" \ + -o /{{ .Docker.CurrentStage }} + {{ else }} + RUN GOOS=linux GOARCH=amd64 CGO_ENABLED=0 go build -a \ + -ldflags "-s -w -X {{ index .Variables "versionPath" }}.Name=Trustd -X {{ index .Variables "versionPath" }}.Tag=none -X {{ index .Variables "versionPath" }}.SHA={{ .Git.SHA }}" \ + -o /{{ .Docker.CurrentStage }} + {{ end }} + RUN chmod +x /{{ .Docker.CurrentStage }} diff --git a/src/initramfs/cmd/init/main.go b/src/initramfs/cmd/init/main.go index d65b95df7..e11de1597 100644 --- a/src/initramfs/cmd/init/main.go +++ b/src/initramfs/cmd/init/main.go @@ -110,8 +110,8 @@ func root() (err error) { log.Println("starting OS services") services.Start(&service.OSD{}) if data.Services.Kubeadm.Init != nil { - services.Start(&service.ROTD{}) - services.Start(&service.ProxyD{}) + services.Start(&service.Trustd{}) + services.Start(&service.Proxyd{}) } // Start the services essential to running Kubernetes. diff --git a/src/initramfs/cmd/init/pkg/service/kubeadm.go b/src/initramfs/cmd/init/pkg/service/kubeadm.go index 1260dca17..ab231d35f 100644 --- a/src/initramfs/cmd/init/pkg/service/kubeadm.go +++ b/src/initramfs/cmd/init/pkg/service/kubeadm.go 
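Review bot: In the new `trustd` task, the tagged-build branch stamps `{{ .Built }}` into the binary through `-X`, which (if `.Built` is a build timestamp, as the name suggests) makes two builds of the same tag differ byte for byte and so harder to verify independently. Consider dropping the `-X ...Built=` argument or deriving the value from the commit date. Both `go build` branches are copies of the `proxyd` task with only `Name=` changed, so the flag sets must be kept in sync by hand; a template comment such as `# keep ldflags in sync with proxyd` would help. This hunk also changes how the binary is built (explicit `GOOS`/`GOARCH`, version ldflags), which the commit title does not mention.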
@@ -15,7 +15,7 @@ import ( "github.com/autonomy/dianemo/src/initramfs/cmd/init/pkg/constants" "github.com/autonomy/dianemo/src/initramfs/cmd/init/pkg/service/conditions" - "github.com/autonomy/dianemo/src/initramfs/cmd/rotd/proto" + "github.com/autonomy/dianemo/src/initramfs/cmd/trustd/proto" "github.com/autonomy/dianemo/src/initramfs/pkg/crypto/x509" "github.com/autonomy/dianemo/src/initramfs/pkg/grpc/middleware/auth/basic" "github.com/autonomy/dianemo/src/initramfs/pkg/net" @@ -90,8 +90,8 @@ func (p *Kubeadm) Post(data userdata.UserData) (err error) { creds := basic.NewCredentials( data.Security.OS.CA.Crt, - data.Services.ROTD.Username, - data.Services.ROTD.Password, + data.Services.Trustd.Username, + data.Services.Trustd.Password, ) var conn *grpc.ClientConn @@ -107,7 +107,7 @@ func (p *Kubeadm) Post(data userdata.UserData) (err error) { if err != nil { return } - client := proto.NewROTDClient(conn) + client := proto.NewTrustdClient(conn) files := []string{ "/etc/kubernetes/pki/ca.crt", @@ -248,7 +248,7 @@ func parse(data userdata.UserData) ([]byte, error) { return buf.Bytes(), err } -func writeFiles(client proto.ROTDClient, files []string) (err error) { +func writeFiles(client proto.TrustdClient, files []string) (err error) { errChan := make(chan error) doneChan := make(chan bool) ctx, cancelFunc := context.WithTimeout(context.Background(), 5*time.Minute) diff --git a/src/initramfs/cmd/init/pkg/service/proxyd.go b/src/initramfs/cmd/init/pkg/service/proxyd.go index bf2785df3..ff187e215 100644 --- a/src/initramfs/cmd/init/pkg/service/proxyd.go +++ b/src/initramfs/cmd/init/pkg/service/proxyd.go 
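Review bot: `Kubeadm.Post` (hunk at -90,8) reads `data.Services.Trustd.Username` and `.Password` without checking that `data.Services.Trustd` is set, although userdata.go in this same patch declares the field as `Trustd *Trustd`. User data without a `trustd:` section would therefore panic on a nil pointer here instead of returning an error. A guard before `basic.NewCredentials`, e.g. `if data.Services.Trustd == nil { return errors.New("trustd configuration is required") }`, would fail cleanly; whether `errors` is already imported is not visible in the hunk. The same unguarded access appears in cmd/osd/main.go, where it runs before the `log.Fatalf` meant to report missing endpoints, and in cmd/trustd/main.go. Post's body starts and ends outside the hunk.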
@@ -6,22 +6,22 @@ import ( "github.com/autonomy/dianemo/src/initramfs/pkg/userdata" ) -// ProxyD implements the Service interface. It serves as the concrete type with +// Proxyd implements the Service interface. It serves as the concrete type with // the required methods. -type ProxyD struct{} +type Proxyd struct{} // Pre implements the Service interface. -func (p *ProxyD) Pre(data userdata.UserData) error { +func (p *Proxyd) Pre(data userdata.UserData) error { return nil } // Post implements the Service interface. -func (p *ProxyD) Post(data userdata.UserData) (err error) { +func (p *Proxyd) Post(data userdata.UserData) (err error) { return nil } // Cmd implements the Service interface. -func (p *ProxyD) Cmd(data userdata.UserData, cmdArgs *CmdArgs) error { +func (p *Proxyd) Cmd(data userdata.UserData, cmdArgs *CmdArgs) error { cmdArgs.Name = "proxyd" cmdArgs.Path = "/bin/proxyd" cmdArgs.Args = []string{} @@ -30,12 +30,12 @@ func (p *ProxyD) Cmd(data userdata.UserData, cmdArgs *CmdArgs) error { } // Condition implements the Service interface. -func (p *ProxyD) Condition(data userdata.UserData) func() (bool, error) { +func (p *Proxyd) Condition(data userdata.UserData) func() (bool, error) { return conditions.WaitForFileExists("/etc/kubernetes/admin.conf") } // Env implements the Service interface. -func (p *ProxyD) Env() []string { return []string{} } +func (p *Proxyd) Env() []string { return []string{} } // Type implements the Service interface. -func (p *ProxyD) Type() Type { return Forever } +func (p *Proxyd) Type() Type { return Forever } diff --git a/src/initramfs/cmd/init/pkg/service/rotd.go b/src/initramfs/cmd/init/pkg/service/rotd.go index fa10ec22a..cbf6d3dc4 100644 --- a/src/initramfs/cmd/init/pkg/service/rotd.go +++ b/src/initramfs/cmd/init/pkg/service/rotd.go 
@@ -7,24 +7,24 @@ import ( "github.com/autonomy/dianemo/src/initramfs/pkg/userdata" ) -// ROTD implements the Service interface. It serves as the concrete type with +// Trustd implements the Service interface. It serves as the concrete type with // the required methods. -type ROTD struct{} +type Trustd struct{} // Pre implements the Service interface. -func (p *ROTD) Pre(data userdata.UserData) error { +func (p *Trustd) Pre(data userdata.UserData) error { return nil } // Post implements the Service interface. -func (p *ROTD) Post(data userdata.UserData) (err error) { +func (p *Trustd) Post(data userdata.UserData) (err error) { return nil } // Cmd implements the Service interface. -func (p *ROTD) Cmd(data userdata.UserData, cmdArgs *CmdArgs) error { - cmdArgs.Name = "rotd" - cmdArgs.Path = "/bin/rotd" +func (p *Trustd) Cmd(data userdata.UserData, cmdArgs *CmdArgs) error { + cmdArgs.Name = "trustd" + cmdArgs.Path = "/bin/trustd" cmdArgs.Args = []string{ "--port=50001", "--userdata=" + constants.UserDataPath, @@ -34,12 +34,12 @@ func (p *ROTD) Cmd(data userdata.UserData, cmdArgs *CmdArgs) error { } // Condition implements the Service interface. -func (p *ROTD) Condition(data userdata.UserData) func() (bool, error) { +func (p *Trustd) Condition(data userdata.UserData) func() (bool, error) { return conditions.None() } // Env implements the Service interface. -func (p *ROTD) Env() []string { return []string{} } +func (p *Trustd) Env() []string { return []string{} } // Type implements the Service interface. -func (p *ROTD) Type() Type { return Forever } +func (p *Trustd) Type() Type { return Forever } diff --git a/src/initramfs/cmd/osd/main.go b/src/initramfs/cmd/osd/main.go index dee6473b2..943ce1db9 100644 --- a/src/initramfs/cmd/osd/main.go +++ b/src/initramfs/cmd/osd/main.go 
@@ -39,20 +39,20 @@ func main() { } if *generate { - if len(data.Services.ROTD.Endpoints) == 0 { + if len(data.Services.Trustd.Endpoints) == 0 { log.Fatalf("at least one root of trust endpoint is required") } creds := basic.NewCredentials( data.Security.OS.CA.Crt, - data.Services.ROTD.Username, - data.Services.ROTD.Password, + data.Services.Trustd.Username, + data.Services.Trustd.Password, ) // TODO: In the case of failure, attempt to generate the identity from // another RoT. var conn *grpc.ClientConn - conn, err = basic.NewConnection(data.Services.ROTD.Endpoints[0], *rotPort, creds) + conn, err = basic.NewConnection(data.Services.Trustd.Endpoints[0], *rotPort, creds) if err != nil { return } diff --git a/src/initramfs/cmd/osd/pkg/gen/gen.go b/src/initramfs/cmd/osd/pkg/gen/gen.go index de897624b..439204a1b 100644 --- a/src/initramfs/cmd/osd/pkg/gen/gen.go +++ b/src/initramfs/cmd/osd/pkg/gen/gen.go @@ -9,7 +9,7 @@ import ( stdlibnet "net" "time" - "github.com/autonomy/dianemo/src/initramfs/cmd/rotd/proto" + "github.com/autonomy/dianemo/src/initramfs/cmd/trustd/proto" "github.com/autonomy/dianemo/src/initramfs/pkg/crypto/x509" "github.com/autonomy/dianemo/src/initramfs/pkg/net" "github.com/autonomy/dianemo/src/initramfs/pkg/userdata" @@ -18,19 +18,19 @@ import ( // Generator represents the OS identity generator. type Generator struct { - client proto.ROTDClient + client proto.TrustdClient } // NewGenerator initializes a Generator with a preconfigured grpc.ClientConn. func NewGenerator(conn *grpc.ClientConn) (g *Generator) { - client := proto.NewROTDClient(conn) + client := proto.NewTrustdClient(conn) return &Generator{ client: client, } } -// Certificate implements the proto.ROTDClient interface. +// Certificate implements the proto.TrustdClient interface. func (g *Generator) Certificate(in *proto.CertificateRequest) (resp *proto.CertificateResponse, err error) { ctx := context.Background() resp, err = g.client.Certificate(ctx, in) 
diff --git a/src/initramfs/cmd/rotd/main.go b/src/initramfs/cmd/trustd/main.go similarity index 90% rename from src/initramfs/cmd/rotd/main.go rename to src/initramfs/cmd/trustd/main.go index 1232bd8a0..bc503119d 100644 --- a/src/initramfs/cmd/rotd/main.go +++ b/src/initramfs/cmd/trustd/main.go @@ -4,7 +4,7 @@ import ( "flag" "log" - "github.com/autonomy/dianemo/src/initramfs/cmd/rotd/pkg/reg" + "github.com/autonomy/dianemo/src/initramfs/cmd/trustd/pkg/reg" "github.com/autonomy/dianemo/src/initramfs/pkg/grpc/factory" "github.com/autonomy/dianemo/src/initramfs/pkg/grpc/middleware/auth/basic" "github.com/autonomy/dianemo/src/initramfs/pkg/grpc/tls" @@ -40,8 +40,8 @@ func main() { creds := basic.NewCredentials( data.Security.OS.CA.Crt, - data.Services.ROTD.Username, - data.Services.ROTD.Password, + data.Services.Trustd.Username, + data.Services.Trustd.Password, ) err = factory.Listen( diff --git a/src/initramfs/cmd/rotd/pkg/reg/reg.go b/src/initramfs/cmd/trustd/pkg/reg/reg.go similarity index 90% rename from src/initramfs/cmd/rotd/pkg/reg/reg.go rename to src/initramfs/cmd/trustd/pkg/reg/reg.go index cfda49c3a..346c1476d 100644 --- a/src/initramfs/cmd/rotd/pkg/reg/reg.go +++ b/src/initramfs/cmd/trustd/pkg/reg/reg.go 
@@ -11,24 +11,24 @@ import ( "path" "time" - "github.com/autonomy/dianemo/src/initramfs/cmd/rotd/proto" + "github.com/autonomy/dianemo/src/initramfs/cmd/trustd/proto" "github.com/autonomy/dianemo/src/initramfs/pkg/crypto/x509" "github.com/autonomy/dianemo/src/initramfs/pkg/userdata" "google.golang.org/grpc" ) // Registrator is the concrete type that implements the factory.Registrator and -// proto.ROTDServer interfaces. +// proto.TrustdServer interfaces. type Registrator struct { Data *userdata.OSSecurity } // Register implements the factory.Registrator interface. func (r *Registrator) Register(s *grpc.Server) { - proto.RegisterROTDServer(s, r) + proto.RegisterTrustdServer(s, r) } -// Certificate implements the proto.ROTDServer interface. +// Certificate implements the proto.TrustdServer interface. func (r *Registrator) Certificate(ctx context.Context, in *proto.CertificateRequest) (resp *proto.CertificateResponse, err error) { // TODO: Verify that the request is coming from the IP addresss declared in // the CSR. @@ -44,7 +44,7 @@ func (r *Registrator) Certificate(ctx context.Context, in *proto.CertificateRequ return resp, nil } -// WriteFile implements the proto.ROTDServer interface. +// WriteFile implements the proto.TrustdServer interface. func (r *Registrator) WriteFile(ctx context.Context, in *proto.WriteFileRequest) (resp *proto.WriteFileResponse, err error) { if err = os.MkdirAll(path.Dir(in.Path), os.ModeDir); err != nil { return diff --git a/src/initramfs/cmd/rotd/proto/api.pb.go b/src/initramfs/cmd/trustd/proto/api.pb.go similarity index 80% rename from src/initramfs/cmd/rotd/proto/api.pb.go rename to src/initramfs/cmd/trustd/proto/api.pb.go index a9df06542..666cb1bad 100644 --- a/src/initramfs/cmd/rotd/proto/api.pb.go +++ b/src/initramfs/cmd/trustd/proto/api.pb.go 
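Review bot: `WriteFile` hands the request's `in.Path` to `os.MkdirAll` as received, so as far as this hunk shows, any client that passes authentication chooses where on the node directories (and presumably the file) are created. The handler should clean the path and reject anything outside the directories trustd is meant to populate (the caller in kubeadm.go sends paths under `/etc/kubernetes/pki`) before touching the filesystem. Separately, `os.ModeDir` as the permission argument carries no permission bits, so an explicit mode such as `os.MkdirAll(path.Dir(in.Path), 0700)` would state the intent. The rest of the function lies outside the hunk, so a later check cannot be ruled out, but it would run only after the directory has been created.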
@@ -35,7 +35,7 @@ func (m *CertificateRequest) Reset() { *m = CertificateRequest{} } func (m *CertificateRequest) String() string { return proto.CompactTextString(m) } func (*CertificateRequest) ProtoMessage() {} func (*CertificateRequest) Descriptor() ([]byte, []int) { - return fileDescriptor_api_92247eb635a417db, []int{0} + return fileDescriptor_api_6d48f67e45b68bdd, []int{0} } func (m *CertificateRequest) XXX_Unmarshal(b []byte) error { return xxx_messageInfo_CertificateRequest.Unmarshal(m, b) @@ -74,7 +74,7 @@ func (m *CertificateResponse) Reset() { *m = CertificateResponse{} } func (m *CertificateResponse) String() string { return proto.CompactTextString(m) } func (*CertificateResponse) ProtoMessage() {} func (*CertificateResponse) Descriptor() ([]byte, []int) { - return fileDescriptor_api_92247eb635a417db, []int{1} + return fileDescriptor_api_6d48f67e45b68bdd, []int{1} } func (m *CertificateResponse) XXX_Unmarshal(b []byte) error { return xxx_messageInfo_CertificateResponse.Unmarshal(m, b) @@ -115,7 +115,7 @@ func (m *WriteFileRequest) Reset() { *m = WriteFileRequest{} } func (m *WriteFileRequest) String() string { return proto.CompactTextString(m) } func (*WriteFileRequest) ProtoMessage() {} func (*WriteFileRequest) Descriptor() ([]byte, []int) { - return fileDescriptor_api_92247eb635a417db, []int{2} + return fileDescriptor_api_6d48f67e45b68bdd, []int{2} } func (m *WriteFileRequest) XXX_Unmarshal(b []byte) error { return xxx_messageInfo_WriteFileRequest.Unmarshal(m, b) @@ -167,7 +167,7 @@ func (m *WriteFileResponse) Reset() { *m = WriteFileResponse{} } func (m *WriteFileResponse) String() string { return proto.CompactTextString(m) } func (*WriteFileResponse) ProtoMessage() {} func (*WriteFileResponse) Descriptor() ([]byte, []int) { - return fileDescriptor_api_92247eb635a417db, []int{3} + return fileDescriptor_api_6d48f67e45b68bdd, []int{3} } func (m *WriteFileResponse) XXX_Unmarshal(b []byte) error { return xxx_messageInfo_WriteFileResponse.Unmarshal(m, b) 
@@ -202,107 +202,107 @@ var _ grpc.ClientConn // is compatible with the grpc package it is being compiled against. const _ = grpc.SupportPackageIsVersion4 -// ROTDClient is the client API for ROTD service. +// TrustdClient is the client API for Trustd service. // // For semantics around ctx use and closing/ending streaming RPCs, please refer to https://godoc.org/google.golang.org/grpc#ClientConn.NewStream. -type ROTDClient interface { +type TrustdClient interface { Certificate(ctx context.Context, in *CertificateRequest, opts ...grpc.CallOption) (*CertificateResponse, error) WriteFile(ctx context.Context, in *WriteFileRequest, opts ...grpc.CallOption) (*WriteFileResponse, error) } -type rOTDClient struct { +type trustdClient struct { cc *grpc.ClientConn } -func NewROTDClient(cc *grpc.ClientConn) ROTDClient { - return &rOTDClient{cc} +func NewTrustdClient(cc *grpc.ClientConn) TrustdClient { + return &trustdClient{cc} } -func (c *rOTDClient) Certificate(ctx context.Context, in *CertificateRequest, opts ...grpc.CallOption) (*CertificateResponse, error) { +func (c *trustdClient) Certificate(ctx context.Context, in *CertificateRequest, opts ...grpc.CallOption) (*CertificateResponse, error) { out := new(CertificateResponse) - err := c.cc.Invoke(ctx, "/proto.ROTD/Certificate", in, out, opts...) + err := c.cc.Invoke(ctx, "/proto.Trustd/Certificate", in, out, opts...) if err != nil { return nil, err } return out, nil } -func (c *rOTDClient) WriteFile(ctx context.Context, in *WriteFileRequest, opts ...grpc.CallOption) (*WriteFileResponse, error) { +func (c *trustdClient) WriteFile(ctx context.Context, in *WriteFileRequest, opts ...grpc.CallOption) (*WriteFileResponse, error) { out := new(WriteFileResponse) - err := c.cc.Invoke(ctx, "/proto.ROTD/WriteFile", in, out, opts...) + err := c.cc.Invoke(ctx, "/proto.Trustd/WriteFile", in, out, opts...) if err != nil { return nil, err } return out, nil } -// ROTDServer is the server API for ROTD service. 
-type ROTDServer interface { +// TrustdServer is the server API for Trustd service. +type TrustdServer interface { Certificate(context.Context, *CertificateRequest) (*CertificateResponse, error) WriteFile(context.Context, *WriteFileRequest) (*WriteFileResponse, error) } -func RegisterROTDServer(s *grpc.Server, srv ROTDServer) { - s.RegisterService(&_ROTD_serviceDesc, srv) +func RegisterTrustdServer(s *grpc.Server, srv TrustdServer) { + s.RegisterService(&_Trustd_serviceDesc, srv) } -func _ROTD_Certificate_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { +func _Trustd_Certificate_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { in := new(CertificateRequest) if err := dec(in); err != nil { return nil, err } if interceptor == nil { - return srv.(ROTDServer).Certificate(ctx, in) + return srv.(TrustdServer).Certificate(ctx, in) } info := &grpc.UnaryServerInfo{ Server: srv, - FullMethod: "/proto.ROTD/Certificate", + FullMethod: "/proto.Trustd/Certificate", } handler := func(ctx context.Context, req interface{}) (interface{}, error) { - return srv.(ROTDServer).Certificate(ctx, req.(*CertificateRequest)) + return srv.(TrustdServer).Certificate(ctx, req.(*CertificateRequest)) } return interceptor(ctx, in, info, handler) } -func _ROTD_WriteFile_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { +func _Trustd_WriteFile_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { in := new(WriteFileRequest) if err := dec(in); err != nil { return nil, err } if interceptor == nil { - return srv.(ROTDServer).WriteFile(ctx, in) + return srv.(TrustdServer).WriteFile(ctx, in) } info := &grpc.UnaryServerInfo{ Server: srv, - FullMethod: 
"/proto.ROTD/WriteFile", + FullMethod: "/proto.Trustd/WriteFile", } handler := func(ctx context.Context, req interface{}) (interface{}, error) { - return srv.(ROTDServer).WriteFile(ctx, req.(*WriteFileRequest)) + return srv.(TrustdServer).WriteFile(ctx, req.(*WriteFileRequest)) } return interceptor(ctx, in, info, handler) } -var _ROTD_serviceDesc = grpc.ServiceDesc{ - ServiceName: "proto.ROTD", - HandlerType: (*ROTDServer)(nil), +var _Trustd_serviceDesc = grpc.ServiceDesc{ + ServiceName: "proto.Trustd", + HandlerType: (*TrustdServer)(nil), Methods: []grpc.MethodDesc{ { MethodName: "Certificate", - Handler: _ROTD_Certificate_Handler, + Handler: _Trustd_Certificate_Handler, }, { MethodName: "WriteFile", - Handler: _ROTD_WriteFile_Handler, + Handler: _Trustd_WriteFile_Handler, }, }, Streams: []grpc.StreamDesc{}, Metadata: "api.proto", } -func init() { proto.RegisterFile("api.proto", fileDescriptor_api_92247eb635a417db) } +func init() { proto.RegisterFile("api.proto", fileDescriptor_api_6d48f67e45b68bdd) } -var fileDescriptor_api_92247eb635a417db = []byte{ - // 217 bytes of a gzipped FileDescriptorProto +var fileDescriptor_api_6d48f67e45b68bdd = []byte{ + // 219 bytes of a gzipped FileDescriptorProto 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xe2, 0xe2, 0x4c, 0x2c, 0xc8, 0xd4, 0x2b, 0x28, 0xca, 0x2f, 0xc9, 0x17, 0x62, 0x05, 0x53, 0x4a, 0x6a, 0x5c, 0x42, 0xce, 0xa9, 0x45, 0x25, 0x99, 0x69, 0x99, 0xc9, 0x89, 0x25, 0xa9, 0x41, 0xa9, 0x85, 0xa5, 0xa9, 0xc5, 0x25, 0x42, 
@@ -312,9 +312,9 @@ var fileDescriptor_api_92247eb635a417db = []byte{ 0xd5, 0x2d, 0x33, 0x07, 0x6e, 0xa4, 0x10, 0x17, 0x4b, 0x41, 0x62, 0x49, 0x06, 0x58, 0x21, 0x67, 0x10, 0x98, 0x0d, 0x12, 0x4b, 0x49, 0x2c, 0x49, 0x94, 0x60, 0x02, 0x6b, 0x06, 0xb3, 0xc1, 0xea, 0x52, 0x8b, 0x72, 0x25, 0x98, 0x15, 0x18, 0x35, 0x58, 0x83, 0xc0, 0x6c, 0x25, 0x61, 0x2e, 0x41, - 0x24, 0xf3, 0x20, 0x56, 0x1b, 0x4d, 0x60, 0xe4, 0x62, 0x09, 0xf2, 0x0f, 0x71, 0x11, 0x72, 0xe3, - 0xe2, 0x46, 0x72, 0x9a, 0x90, 0x24, 0xc4, 0x83, 0x7a, 0x98, 0xde, 0x92, 0x92, 0xc2, 0x26, 0x05, - 0x31, 0x4e, 0x89, 0x41, 0xc8, 0x81, 0x8b, 0x13, 0x6e, 0x8b, 0x90, 0x38, 0x54, 0x29, 0xba, 0x3f, - 0xa4, 0x24, 0x30, 0x25, 0x60, 0x26, 0x24, 0xb1, 0x81, 0xa5, 0x8c, 0x01, 0x01, 0x00, 0x00, 0xff, - 0xff, 0x45, 0xd6, 0xa4, 0x2f, 0x67, 0x01, 0x00, 0x00, + 0x24, 0xf3, 0x20, 0x56, 0x1b, 0x4d, 0x62, 0xe4, 0x62, 0x0b, 0x29, 0x2a, 0x2d, 0x2e, 0x49, 0x11, + 0x72, 0xe3, 0xe2, 0x46, 0x72, 0x9c, 0x90, 0x24, 0xc4, 0x8b, 0x7a, 0x98, 0x1e, 0x93, 0x92, 0xc2, + 0x26, 0x05, 0x31, 0x50, 0x89, 0x41, 0xc8, 0x81, 0x8b, 0x13, 0x6e, 0x8f, 0x90, 0x38, 0x54, 0x29, + 0xba, 0x4f, 0xa4, 0x24, 0x30, 0x25, 0x60, 0x26, 0x24, 0xb1, 0x81, 0xa5, 0x8c, 0x01, 0x01, 0x00, + 0x00, 0xff, 0xff, 0x80, 0xe5, 0x5e, 0xbe, 0x69, 0x01, 0x00, 0x00, } diff --git a/src/initramfs/cmd/rotd/proto/api.proto b/src/initramfs/cmd/trustd/proto/api.proto similarity index 92% rename from src/initramfs/cmd/rotd/proto/api.proto rename to src/initramfs/cmd/trustd/proto/api.proto index 89a46141f..0a0ba0624 100644 --- a/src/initramfs/cmd/rotd/proto/api.proto +++ b/src/initramfs/cmd/trustd/proto/api.proto @@ -3,8 +3,8 @@ syntax = "proto3"; package proto; -// The ROTD service definition. -service ROTD { +// The Trustd service definition. +service Trustd { rpc Certificate(CertificateRequest) returns (CertificateResponse) {} rpc WriteFile(WriteFileRequest) returns (WriteFileResponse) {} } 
diff --git a/src/initramfs/pkg/userdata/userdata.go b/src/initramfs/pkg/userdata/userdata.go index 479e8afcc..27a18cf46 100644 --- a/src/initramfs/pkg/userdata/userdata.go +++ b/src/initramfs/pkg/userdata/userdata.go @@ -47,7 +47,7 @@ type Networking struct { // Services represents the set of services available to configure. type Services struct { Kubeadm *Kubeadm `yaml:"kubeadm"` - ROTD *ROTD `yaml:"rotd"` + Trustd *Trustd `yaml:"trustd"` } // File represents a files to write to disk. @@ -73,12 +73,12 @@ type InitConfiguration struct { SelfHosted bool `yaml:"selfHosted,omitempty"` } -// ROTD describes the configuration of the Root of Trust (RoT) service. The +// Trustd describes the configuration of the Root of Trust (RoT) service. The // username and password are used by master nodes, and worker nodes. The master // nodes use them to authenticate clients, while the workers use them to // authenticate as a client. The endpoints should only be specified in the // worker user data, and should include all master nodes participating as a RoT. -type ROTD struct { +type Trustd struct { Username string `yaml:"username"` Password string `yaml:"password"` Endpoints []string `yaml:"endpoints,omitempty"`
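Review bot: Changing the tag to `yaml:"trustd"` on `Services.Trustd` means user data that still carries a `rotd:` section no longer populates this field. Unless the decoder runs in strict mode (not visible here), the old key is ignored without an error and the credentials and endpoints are dropped. The doc comment describes these values as what masters and workers authenticate with, so that failure should be loud. I would either reject unknown keys when parsing user data or call out the key rename as a breaking change in the commit message, and add to the doc comment: `// The YAML key is "trustd"; the former "rotd" key is no longer read.`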